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Abstract. In contrast to the previous century when the concept of electronic transfer was proposed, nowadays, electronic 
payments are drastically increased due to the rapid increase in online shopping or Internet-based banking. Electronic payments 
became the first option for transferring money to/from payer/payee in the twenty-first century. Visa cards, master-card, smart 
cards, debit cards, credit cards, e-check, and e-wallet, are the options for e-payments. Behind the acceptance of the new 
payment system depend upon the three factors- cost, time, and security per transaction take the place of each other. This paper 
will highlight the background study, types of electronic payment systems available, and which payment method users should 
choose considering the cost, time, and security factors. This research will also identify the issues and challenges of e-payments 
and suggest solutions to improve performance and quality in developing countries. This review paper aims to introduce the 
reader to electronic payment and update the reader with the current state of the art in the electronic payment system and provide 
an overview of past efforts and future trends of electronic payment transfer. 
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1. Introduction 

The transfer of payment electronically is an alternate mode of paying payments to the payee; in such cases, the electronic 
payment system arises as the third party serves the payee and payer. In other words, we can say that e-payment is a type of 
service that serves the customer who buys the goods over the internet via online shopping portals available at their local 
countries or globally, and it adds value to the online shopping provider and increases the ratio of sell. 

Concerning previous research work, the current amount of research work in this field is increasing day by day, but there is 
a lack of systematic literature review which is not yet addressed; therefore, this research work will contribute to the systematic 
literature review part as this study will be helpful for the upcoming research work within the field. 

Research work was motivated by previous studies’ gap; the primary motive of this systematic literature review over the ‘e- 
payment system’ is to introduce electronic payments. The secondary objective of this study is to (I) systematically collect, 
analyze and synthesize all previously available studies within the domain for specific keywords that satisfy the study area in a 
somewhat manner in order to summarize the previous work, (Il) Provide a list of payments systems available globally, (Il) provide 
a compare and contrast table for the different factors named cost, time and security per transaction for the globally available 
payments system, and (Ill) Highlight the issues and suggest some solution for improvement of performance and quality. 

Research questions (RQ) of this experiment were: RQ-1: Creating a background of different payment (including traditional 
and e-payment) methods and comparisons of currently available electronic payment methods. RQ-2: Table of Differentiating 
between traditional payments and e-payments in terms of security. RQ-3: Discussing the proposed models/algorithms for 
implementing the e-payments method from the literature. RQ-4: Defining Electronic Commerce (E-Commerce), its categories, 
and size of the business in each category. 
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2. Materials and methods 

In this study/review paper, we give an overview of an electronic payment system, discuss the background history, highlight 
current available payments system against e-commerce, individual features of each payment system in a tabular form, highlight 
the security flaws, and finally identify issues, and suggest a solution based on study and understanding. 


2.1. Defining the e-payment system 


The developments taking place in information and communication technology are increasing competition in financial 
institutions worldwide. Thus, the deployment of advanced technologies is essential to achieve a competitive advantage. In the 
world of banking, the development of E-Banking has an enormous effect on the development of more flexible payment methods 
and more user-friendly banking services [1,2,3,25]. Payment is the transfer of monetary value. A payment system consists of a 
set of transfer systems that ensure the instruments, banking procedures, and, typically, interbank funds circulation of money 
[1,2,22,30]. Furthermore, for extending the payment system in detail- the payments system is a third-party that helps payer and 
payee transfer and receive money respectively, or in other words, we can say that payment system is a backbone for creating a 
connection between payer and payee [2,31]. 


2.2 Characteristics of e-payment systems 

Electronic payment systems are required to bring the necessary infrastructure to facilitate payment over the internet. They 
are becoming an essential part of, and are greatly necessary for, further development of electronic commerce and electronic 
business, and of course, payment must have the following characteristics to become accepted around the world [4,5]. Atomicity 
must ensure that no loss of existing money and the new transaction can be made [5,37]. 


Confidentiality/information kept secure: The record of transactions kept in the organization as safe as can be, and it should 
only be available to the intimate level if there is any need for traceback at some stage. 

Security: The system must ensure the possibility of fraud within the system. 

Availability: The system must be available during the said working hours. 

Cost-effective: The transaction cost must obey the rules as per authority. 

The ability of integration: The system must ensure that it can work with all other existing payment systems that resemble the 
properties, and they must be integrated with the new payment system within the same environment [5,37]. 


3. Review method 
This section provides details about how we begin with our systematic literature review process; the following subsection is 
detailed about the review method. 


3.1. Review protocol 

This systematic search begins with a comprehensive review protocol based on the guiding principles and procedures of the 
systematic literature. This part contains the background history of research, search strategy, research questions, inclusion, and 
exclusion criteria; the background is already described in the previous section, and the rest of it is an upcoming subsection. 


Table 1. Inclusion and exclusion criteria 


Inclusion Exclusion 
The acceptance was only English-Language All other excluded 
It must be published between Jan-1999 to Aug-2016 Same as above 
If available full text Same as above 
Related to the topic, (All keyword searches included) Same as above 


3.2 Inclusion and exclusion criteria 

In this study, we consider research papers from (Journals, conferences, and workshops), published in English-us 
language, published from January-1999 to August-2016. We excluded poster sessions, presentations, articles, and any material 
that was found duplicated. Before including any paper, we had ensured that the paper must satisfy our inclusion criteria and be 
related to the central theme; if not, we excluded it. Table 1 shows further details of the inclusion and exclusion criteria. 
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3.3 Search Strategy 

The search strategy consists of two primary methods (automatic keyword-based search and manual reference-based 
search), as described in Figure 1. The automatic keyword-based search begins with identifying keywords related to the 
electronic-payment system with all possible methods of adding punctuations, while the manual search was beginning after the 
completion of automatic. Automatic search provides us material based on keywords while manual-based search provides us 
results based on the results of automatic, we manually pick references and search for that if found related material we added it 
and manually search for all other versions of research work added it if found related. Hence, we named these two searches as 
primary (PS) and secondary search (SS). 


| Automatic keyword search 


| Duplicated Studies excluded by “Mendeley” 


7 ae 


| Studies excluded based on full text availability 


¥ 


Final study paper after applying quality 
assurance criteria. 


Figure 1. Search Strategy 


3.4. Study selection process 

The study selection process was based on the toll-gate approach as described in [6,7,8]. First, we noted down the number 
of keywords to search; then we began our search strategy in all searches as mentioned earlier engines; using the selected 
keywords, we found 470 counts as a primary search (automatic keyword-based search). We added all the founded searches in 
Mendeley (a tool for managing the bibliography of publications). Out of these 470 searches, 94 were found duplicates and 
merged. Further, by applying the inclusion and exclusion criteria mentioned in Table 1, we finally develop 174 studies. We began 
our steps towards the secondary search mentioned in the previous section; we identified another 55-paper related to the 
keywords. After applying inclusion and exclusion criteria, we remained with 55 papers, and the total count is only 55. Here, 55 
studies were identified as a source for moving forward to the literature review, and all the papers are listed in the reference 
section. 


Table 2. Studies distribution of different publications before and after applying quality assurance criteria 


Source of study Count before QA Count after QA 
Google scholar used only (for secondary search) 
IEEE explore 1 1 
Springer link 390 6 
Science Direct (Elsevier) 73 27 
Research Gate 1 1 


Unknown source - 17 
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The distribution of search strategy before and after the selection is mentioned in tabular form in Table 2, and here we can 
see that before the selection process majority (390) of papers were found in Springer link followed by Elsevier (73), followed by 
research gate and IEEE explore (1 and 1). On the other hand, after applying quality assurance criteria, we were left with count 27 
searches of Elsevier followed by count 17 as an unknown source of publication; our reference manager could not recognize 
these seventeen paper/studies, followed by 6, 1, 1 springer link, research gate, and IEEE-explore, respectively. 


3.5. Quality assessment (QA) 

The objective of the quality assessment criteria based on quality questions (QQ) is to decide on selecting study papers. In 
order to find the quality paper, the following question was applied to each selected paper. 
QQ-1: Are the topics and finding addressed in the paper related to our literature review? 
QQ-2: Is the research context clearly defined in the study? 

QQ-3: Is the research methodology mentioned clearly in the study? 
QQ-4: Is the data collection method clearly defined in the study? 
QQ-5: Is the data analysis accurate and properly referenced? 

These five QA criteria are taken under the inspiration of [8]; this design is divided into three levels (high, medium, and low) 
for differentiating these studies. These three-level criteria were based on some scaling measures as we awarded a score of 2 to 
support a high level, followed by 1 awarded to support medium level and 0 for low. We awarded score individually every study 
based on quality questions- collectively if a study scored more than 5 we categorized as high, and if a study cored greater than 3 
and less than or equal to 5 we categorized as a medium, and finally we categorized as low if a study earns not more than 3. 
Even this quality assurance assessment is a highly subjective one, in counterpart, we also read almost all the research studies, 
and now we can comment about QA assessment, as this study will be a complete guide towards the electronic world of 
payments. See Figure 2, which shows the percentage and count for the studies after applying quality assessment. 


QA SCORE/Number of studies 


= High =Medium =Low = Total 


Figure 2. Quality assessment score sheet 


3.6. Data extraction and synthesis 

The process of data extraction and synthesis was beginning by reading carefully and extracting valuable data related to the 
topic from the selected study papers count as 50 listed below in the bibliography section. This step's purpose was to maintain an 
MS excel sheet for creating statistics (tables) and figures to present in human-readable. The following list of columns was 
considered in this study: Paper ID (P1, Pz, ... and so on) to identify study id, study title, the authors, date of publication, database 
provider, publication source, research context, document type, a topic addressed, and citation count. 

These lists of columns were used to synthesize data and provide a human-readable form, and it was also easy to maintain 
a record of each study against these attributes; after this step, we have Excel Sheet which is maintaining all this information for 
us. Table 3 listing those columns and describing more about these columns. 
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Table 3. Data extraction criteria for each study 


Name of the attribute used to extract data Description 

Paper ID Uniquely identification of paper 

Study title Title of the study paper 

The author Author of study 

Date Date of publication of the paper 

Database provider Availability of paper with free access 

Publication source Who is the publisher of the selected study paper? 
Topic addressed Is this study addressing the topic of study? 
Citation count Count of the citation of the selected study paper. 


4. Results of SLR 

This section aims to provide details about the work done before beginning with a systematic literature review. Here, in this 
section, we provide results from spreadsheets- in detail, this section highlights the publication resource, publication type, citation 
count, research methodologies, and methods of study. In the end, in this section, we present the context of research that has 
been conducted. The following subsequent sub-section describes the study further in detail. 


4.1. Publication source overview 

Most of the studies were published in high Impact Factor journal articles, and leading conferences can be noted from the 
citation count of each paper one of them is considering the highest cited in our case. Thus, the selection of such papers will 
result in the quality of systematic review and overall assessment of findings. The distribution of studies/papers is sown in the 
following Figure 3. In Figure 3, as we can see, the majority of studies were published as journal articles 48 studies from 56 that is 
86% of the whole after that conference proceeding and followed by book chapter and the last one unknown data publication 
(might be available somewhere but our reference manager fails to found it). However, due to topic relevancy and citation count, 
we have to keep these studies as these studies passed from our inclusion/exclusion criteria. 


NO OF ARTICLES 


mBook Chapter mConference Proceding mJournal Articles Other 


T% 2% 5% / 


Figure 3. Publication source 


4.2. Citation status 

Generally, talking about all selected studies’ citation count is good enough; this leads to the quality of papers included in 
this systematic literature review, and of course, it is an indicator of the studies' good impact factor. Figure 4 shows the citation 
count of included studies. The statistics of citation count were obtained from Google Scholar. The information provided here is 
not meant to claim citation count statistics; it may differ in results by comparing with another data provider. The data provided 
here is just a rough idea of citation count. 
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As shown in Figure 4, our statistics are relatively equal in all categories we have decided to measure. Among 56 studies, 5- 
studies were founded highly cited that fall in more than 40 citations, followed by 17 studies that fall under the citation category 
between 10-40. On the other hand, 23 studies were found in the category of 1-10 citation count, and finally, 11 studies were 
found zero citation this does not mean these papers are not valuable, but these papers are published in recent 2-3 years, so it is 
not expected to get high citation count in short term period. 


Citation Count Chart 


Between 1- Between 11- More than 40 Zero Citation 
10 40 Citation Count 


Figure 4. Citation count chart (x: Citation count, y: Paper count) 


Paper Count 


4.3. Temporal view 

The distribution of studies against year wise is presented in Figure 5. Figure 5 shows that the gradual increase in the 
number of publications in the era of electronic payment since 2000 since we noticed as the years passed the work has been 
conducted more and more and it is evident because of e-commerce/e-business. Thus, it is noticed that a gradual increase has 
increased since 2006 and it is observed that suddenly increase in since 2015. 

From the picture only one study was found in the year 2000, followed by 6 studies were found in the year 2001, continuing 
2, 2, 2 studies were found in 2002, 2003 and 2004 respectively, in continuation 1-study found in 2005, after that 6 studies were 
found in the year 2006 and so on, Figure 5 clearly shows year wise count of publication. 


Count 


Figure 5. Publication per year 


4.4. Research methodologies 

The distribution of the included studies is shown in Figure 6 regarding the research methodologies found in studies. It can be 
seen that both qualitative and quantitative methodologies were found in most papers. A mixed methodology was also used in 5% 
of the papers. Figure 6 shows 56-studies from them 34% were mixed methodology research studies and 31% of studies were 
qualitative, and 14% were quantitative, followed by the last 5% studies were unknown (their research methodology strategy was 
not present in the paper), and 16% were conceptual papers. 
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RESEARCH METHODOLOGIES DISTRIBUTION 
OF PRIMARY STUDIES 


Qualitative mQuantitative mUnclear mConceptual mMixed 


Figure 6. Research methodology 


4.5. Research Methods 
For classifying the research method against their research methodology, we applied the classification technique suggested by [9] 
as shown in the table below named Table 4. Figure 7 shows the distribution of research methods. 


Research Methods Count Statistics 


= Experiment =Case Study =Survey =Mixed =Review’ = Design Science 


Figure 7. Research method distribution 


Table 4. Research methods 


Research methods Description 

Case study Several techniques have been applied in this paper, mainly workshop, interviews, and documents. 
One or a few contexts are located in this category. 

Experimental Those studies were included in this category which are either field or laboratory experiments. 

Design science Studies that develop systems or tools fall into this category. 

Survey Those studies fell in this category, those who have use interviews or questionnaires to survey 
practices, opinions, and so on from a large population. 

Mixed method The mixed methodology is a combination of two studies, i.e., qualitative and quantitative. 

Delphi method Studies that report experts’ opinions were used in the field of study, including participation in 
meetings and other workplace activities. 

Review Those studies fell into this category, which analyses the existing studies, typically exploring the 


domain and understating the concepts. 
Not mentioned Studies that do not mention any methods, either implicitly or explicitly, are counted as not mentioned. 
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5. Research questions results 

After applying all the procedures that one researcher must follow to begin a systematic literature review, it is now possible 
to answer the questions for completing this study from a selected no of studies that were analyzed—creating a background of 
different payment (including traditional and e-payment) methods and comparisons of currently available electronic payment 
methods. 


5.1. History of payment 

From literature, the authors wrote about the history of payments as in the very beginning of the world people used to 
exchange goods and services in return for goods and services [9,10]. Then, the author discussed the second form of payment. 
People used to exchange money in return for goods and services. The earliest form of money was called commodity money; it 
was formed physical money because physical commodities were exchanged to pay for services and goods. The next step of the 
payment progression was using tokens like paper notes, which were backed by a deposit of gold and silver held by the note of 


the issuer. This technique is referred to as adopting a commodity standard. 


Traditional payments 


Payment type One line description Used by/For 
Cash payment It is the most commonly used form of payment- it is simple- it is Stores/Shops anywhere 
easy, and no time is taken along with hand to hand transfer of in the world. 


Check payment 


Credit transfer or Grio 


Automated clearing house 
(ACH) 
Wire transfer services 


Payment using cards: 
Type-1: Electronic purse 
(pay before purchase) 


Type-2: Pay now 


Type-3: Pay later 


money, so the expectation of high risk of robbery rises and the 
problem of cash saving [11,35,36]. 

Itis an easy and safe method for both parties but must have a 
bank account with one side effect know as time-consuming. This 
paper does not cover check bounce and other false conditions 
with check transfer [35,36]. 

The giro payment system is a type of payment that simply means 
"Circulation of Money." It is somehow resembling with check 
payment but depends upon certain conditions [11,35,36]. 


A well knows form of transaction for low value [12]. 


It handles payment transactions between businesses and banks 
and to and from Government. 

The electronic purse also is known as pay before the purchase. In 
this system, the buyer will pay before to the service provider and 
receive goods/services after that [11,13,15,53). 


This system also is known as the Debit Cards system; in this, we 
purchase the goods/service that we must pay for purchases at the 
time of purchase [11,12,14,53]. 


This system is also known as the Credit Cards system; we 
purchase the goods/service rather than pay dues on our own or 
depend upon the service provider [11,12,15,53). 


Person to person. 
Person to merchant or 
company 


Person to person. 
Person to merchant or 
company. Merchant to 
Government. 

Person to person. 


Business to Business 
Business to Govt. 
Person to Business. 
Person to Business. 


As we have already discussed different types of payments in the above paragraphs. Before listing the e-payments methods 
which are in practice now, the reader must clear some of the terminologies— 
Payment gateway/Payment system/Payment method is the three interchanging words; however, payments gateway differs 
from the two in terms of definition. 

A payment gateway creates a connection between Payer and Payee over the internet. 
Payer knew as the payment sender while the payee knew as the payment receiver; in other words, the payee is the merchant; 
however, the payer is the consumer. 
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Before discussing the e-payment system further, the reader must know about e-commerce; e-commerce is a primary 
method for conducting commercial business over the internet, e-commerce is primarily divided into five stages. However, there 
are some more levels which is none of the local business concern— local business means a standard consumer/registered 
company and a merchant/e-commerce service provider [13,39]. 


Types/Levels/Models of E-Commerce High Level of E-Commerce 


B2B - Business to Business E-Commerce B2G - Business to Government 
B2C - Business to Consumer E-Commerce 

C2C - Consumer to Consumer E-Commerce 

B2E - Business to Employees E-Commerce 

C2B - Consumer to Business E-Commerce 


How e-payment works: Following Figure 8 depicts the working of the basic e-payment system, and there are many more 
versions of this model, which is not our concern, so the author does not include other models. 


payment service provider payment service provider 


tran trans info 
as — & token 
enter PIN 
; Tr=T INN ; 
kK*K* 
) 2 Btege 
token 
payee payer payee payer 
(a) online payment (b) off-line payment 


Figure 8. How e-payments works 


5.2. Comparison of electronic payment systems 

The electronic payment system can send cash/money electronically for products and goods purchased via the internet. E- 
payments are dependent upon e-commerce, or in other terms, we can say e-payments are an integral part of the e-commerce 
business. One of the significant reasons for becoming famous in e-commerce transactions is perhaps the rapid development of 
e-payments systems. In developed countries, credit card has been used most of the time even before the advent of the internet. 
E-payments can be grouped into three categories 1) e-cash systems, 2) credit card payment system, and 3) e-cheque system. 
E-payments system has various requirements to become famous worldwide; some are listed below, commonly seen in the 
literature. These are security, acceptability, convenience, cost, anonymity, control, and traceability. Therefore, instead of focusing 
on the technical specifications of various electronic payment systems, scholars have distinguished electronic payment systems 
based on available features. Table 5 [14] presents a comparison of various electronic payment systems. 
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Features Online credit card Electronic Cash Electronic Cheque Smart Cards 
payment 
Actual payment time Paid later Prepaid Paid later Prepaid 


Transaction 
information transfer 


Online and offline 
transaction 


Bank A/C involvement 
Users 


Party to which 
payment is made 


Consumer’s 
transaction risk 


The current degree of 
popularity 


Anonymity 


Small payments 


Database 
safeguarding 


Transaction 
information face value 


Real/Virtual world 


Limit on transaction 


Mobility 


The store and bank check 
the status of the credit 
card 


Online 


Credit card account 


Any legitimate credit card 
users 


Distributing banks 


Mostly born by distributing 
banks 


Credit card org. Checks 
for certification and total 
purchases. Thus, used 
internationally. 

Partially or entirely 


Transaction costs high. 
So, not suitable. 


Safeguards regular credit 
card information. 


It can be signed & issued 
freely in compliance with 
the limit. 


It can be partially used in 
the real world. 


It depends upon the credit 
card limit. 
Yes 


Fee transfer. No need to 
leave the name of the 
parties involved 


Online 


No involvement 
Anyone 


Store 
The consumer at risk if 


stolen or misused 
Unable to meet internet 


standards in the areas of 


potential expansion & 
Intel. 
Entirely 


Low transaction cost. 
Suitable 


Extensive database & 
records S. No’s of use 
etc. Cash. 

Face value is often set & 
cannot be altered. 


Itis an only a virtual 
world. 


It depends upon how 
much prepaid. 
No 


Electronic checks or 


payment indication must 


be endorsed 
Offline allowed 


Bank account 


Anyone with the bank 
account 


Store 


The consumer bears risk 


but can stop check 


It cannot meet 
international standards, 
so not so popular. 


No anonymity 


It allows stores to 
accumulate debts until it 
reaches the limit before 
paying for it. 
Safeguards regular 
account information. 


It can be signed & 
issued freely in 
compliance with the 
limit. 

Limited to virtual but 
share checking a/c in 
the real world. 

No limit. 


No 


The smart card of both 
parties makes the 
transfer 


Offline allowed 


Smart card account 


Anyone with bank or 
credit card a/c 


Store 


Consumers-risk of 
stolen, lost, or misused 


Like online credit cards, 
and is becoming more 
widely used. 


Entirely, but if needed by 
the central processing 
agency can ask. 
Transaction costs are 
low, like electronic 
cheques. 


Safeguards regular 
account information. 


It can be deducted freely 
in compliance with the 
limit. 

It can be used in real or 


virtual. 


It depends on how much 
money is saved. 
Yes 


5.3. Table of differentiating factors between traditional payments and e-payments in terms of security 

As discussed in the previous section that traditional payments were named 1) cash payment, 2) check payment, 3) credit 
transfer or Grio, and 4) automated clearing house (ACH), and generally, the electronic payment system was divided into five 
categories 1) pre-paid card, 2) electronic-cash, 3) debit cards, 4) credit cards, and 5) electronic checks [16-22,28]. 


Why we need security in e-payment: The trust upon the e-payment method is solely dependent upon security because a 
strong and long-lasting relationship is entirely dependent upon security [23]. The online transaction does not mean to develop 
the business over the internet, but it is more critical to create trust over the internet because there are lots of fraud methods, so 
security requirements are part of strong customer relationship [13,22-24,28]. For the most part, security is a set of techniques, 
systems, and computer programs to verify the source of data and guarantee the trustworthiness and protection of the data 
(information) to go without this situation to prompt to a hardship (monetary) of information or system assets. The below table list 
down the security components mostly used to implement the e-payments system [13,22,23,25]. 
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Table 6. Basic building blocks of security mechanisms 


Name of security mechanisms Description 

Encryption It provides confidentiality, authentication, and integrity. 

Digital signatures It provides authentication, integrity protection, and non-repudiation 
Checksums/hash algorithms It provides integrity and authentication 


Table 7. Table of differentiation factor between conventional payment type and electronic 


Type of security factor Description 

Systems security The technical infrastructure and implementation should be as 
secure as needed to protect loss. 

Transaction security The information should be kept safe as described on the manual or 
website page. 

Legal security A legal frame for electronic payment. 


Listed above are the factors that differentiate a traditional and electronic payment system. Figure 9 [22] describes the 
overall picture of security-related factors. 


s —— 
CS - 
WS ¥ —_ ° _—— 
gies Security Statements —! 2 
— = = 
ae ea 5 a 2 
-Availability -Accessibility ~ = S 
pPighans = s 
-~Comprehensibility ... S z = 
° se - 
” coo BS il2e/! 8s 
5 . > . = 
-es — - = = 
proce Transaction Procedures = S = 
= —_ 
-Authentication -Modification = E = 
; S ‘S = 
-Confirmation ... = rs z 
goose — Qa. za) 
- ——a——_ = oo 
a. — Tr : : . = —_— 
ec d® _—_— Technical Protections oe | 
a ee ae 


\ 
\ 


-Privacy -Integnty -Stability ... 


Figure 9. Diagram of factors that influence perceived security and perceived trust in “EPS use. - *EPS- Electronic Payment 
System -Source [22] 


From the literature, we can classify the aspects that influence consumers’ observation about security and trust in electronic 
payment systems into three main categories [24-26,32]: 1) Security statements- As described earlier, security statements refer to 
the information provided to consumers in association with EPS operation and security solutions, 2) Transaction procedures- 
Transaction procedures refer to the steps that are designed to facilitate the actions of consumers and eliminate their security 
fears, and 3) Technical protections- Technical protections refer to specific and technical mechanisms to protect consumers’ 
transaction security. 


RQ-3: Discussing the proposed algorithms/models for implementing electronic payment known as a secure electronic 
payment protocol 
EPS: Electronic Payment System Secure E-Payment Protocol 

There were too many other protocols that were presented in literature from which three are mostly identified in the literature 
listed below name and working off those three secure-electronic payment protocols. 
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The most essential and open-source protocols are SSL:/TLS- secure socket layer/transport layer security. 

Netscape Inc. originally designed this protocol as a method for secure client-server communication over the internet 
environment. On getting fame now, it is implemented in most web browsers [22,26]. SSL was designed to achieve two main 
objectives. These are a) to ensure privacy, by which means encryption of data being transferred to and from client and server, 
and b) to provide validation/authentication of the session partners using the RSA Algorithm. Furthermore, SSL protocol is 
subdivided into two categories [13,26,27], such as SSL Handshake protocol and SSL Record protocol. It is known that SSL/TLS 
is the most widely accepted and deployed protocol for implementing a secure electronic payment method/system. SSL/TLS is an 
intermediary protocol that sits between TCP and higher-layer. It can be deployed over any application layer running TCP 
(Transmission Control Protocol), including HTTP and HTTPS. 

The SSL communication starts by sending requests/handshakes to the client and sending a certificate in the response. A 
certificate is nothing else than a piece of secure data that includes an encrypted key associated with the server, other related 
information knowingly owner's certificate, expiry date, and the server's domain name. Market acceptance and user confidence 
became the most highly factors for being famous in a secure electronic protocol environment, so the use of this protocol is very 
high. It is also worth noting that SSL/TLS is sufficiently secure for the vast majority of consumers and uses it today to guard 
everything against credit card transactions and electronic banking; Figure 10 shows the working of SSL/TLS protocol. 


SSL Client SSL Server 


(1) “client hello” 


Cryptographic information 


(2) “server hello” 


_&) Cipher Suite 
Verify server Server certificate 
certificate. “client certificate request" (optional) 
Check 
cryptographic 
parameters (4) Client key exchange 


Send secret key information 
(encrypted with server public key) 


(5S) Send cient certificate (> 


Verify client 
certificate 
(7) Client “finished” (if required) 


(8) Server “finished 


(9) Exchange messages 
= 


(encrypted with shared secret key) 


Figure 10. Overview of SSL/TLS messages exchange between client and server 


SET- Secure Electronic Transaction 

The author “Arnab” wrote in his paper that back to 1996, there were two leading credit card companies, Master Card and 
Visa Card, became together along with IBM and other companies to create a standardized payment and security process, in the 
result, they form Secure Electronic Transfer- SET [28-34]. Secure Electronic Transaction Protocol: Financial sectors wanted a 
very immediate solution to how a credit card works to successfully perform a transaction without facing security and trust, 
business-related groups, and communities [27]. SET is known as a very secure electronic payment handler; it prevents fraud, 
and it was one of the main objectives behind the appearance of the set [13,33-36]. As we saw in our previous protocol, SET uses 
different techniques to prevent fraud using rigorous authentication measures and encryption. SET, Secure Electronic Transaction 
provides a high level of security and privacy for its customers and ensures that the information will only see by the Bank. 
Furthermore, Figure 11 depicts the working of the SET protocol [13,33,34]. 
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SET Transactions 


1. Customer browses 
and decides to purchase 


2. SET sends order and payment intormation 
aad 


Customer 7. Merchant completes order. Merchant 
re 
3. Merchant 6. Bank 8. Merchant 
9. Issuer sencis credit Card forwards authorizes captures 
bill lo customer. payment payment transactions 


woformation 
to bank. 


4. Bank checks with 
issuer tor payment 
autherizatian 


5S. issuer authorizes 
payment. 


Customer's bank (“issuer”) Merchant's bank 


Figure 11. SET Transaction steps 


Table 8. Comparison of SSL/TLS and SET (secure electronic protocol) 


Key point SSL SET protocol 

Security Less secure More Secure 

Technique Encryption/Decryption Encryption/Decryption with dual signature 
Merchant security Less Yes 

Client security Less Yes 

Payment gateway No Yes 

Channel security No Yes 

Use of digital certificate No Yes 


IOTP: Internet Open Trading Protocol 

Last but not least, IOTP is known as an internet open trading protocol; this protocol provides an interoperable framework 
for C2B- consumer-to-business internet-based electronic commerce. It was designed to replicate real-world transactions where 
consumers can select their choice products, vendor and choose their payment method (w.r.t to vendor's availability) even 
arrange delivery on their own choice. The originators of IOTP expect that this convention will be the most widely used language 
of Internet business known as e-commerce, similarly as EDI has turned into the standard document language for real commerce. 


Benefits of IOTP: 

Payments Types: IOPTP gives a standard structure embodying payment protocol; this implies that it is easier for payment 
products to be consolidated with IOTP solutions. Therefore, the payment method will be more widely available [13]. 

Vendors: They will have more capacity to offer more a more extensive number of payment brands. They can be increasingly 
sure that the client will have the software to finish the purchase. By receiving payment and delivery receipts from their clients, 
vendors will give customer care knowing that they are dealing with the individual or organization they initially traded [13]. Figure 
{2 demonstrates the general flow of an IOTP-based purchase. Note that it may be more appropriate to relate IOTP as a 
shopping protocol instead of a payment protocol [13]. 
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Payment Delivery 
Consumer Merchant Handler Handler 


Offer Response Gmvoice) 


Payment Request Gnvoice, payment-specific data) 


Payment Exchange (payment-specific data) —-. 
Payment Response (receipt, payment-specific data) 
Delivery Request (invoice, receipt) 

=. 


Figure 12. General flow IOTP protocol 


RQ4: Defining Electronic Commerce (E-Commerce), its categories and size of the business in each category 

The term E-commerce is termed as electronic commerce, the world of e-business termed as an electronic business. E- 
commerce is a service provided by merchants for their consumers. Consumers can purchase electronically without the influence 
of any physical activity; it may or may not include payment electronic payment method from which merchants can receive 
payments electronically [38-44]. Electronic commerce is purely connected with business and its types— the term business is 
known as an activity between buyer and seller known as business activity [43]. Electronic Commerce entirely depends upon the 
types of business that occur in daily life. 


Categories/Types of electronic commerce 

There is a total of seven categories which we come found from literature from which four types are in use of regular use 
without the interaction of any governmental body known as [45-49], and each of categories has different characteristics. The size 
of business depends upon the amount of order or quantity of order [17,50]. 

a) Business to Business (B2B) describes transactions between businesses, like transaction commerce between 
manufacturers and wholesalers or retailers and wholesalers. The amount of price depends upon the quantity of the 
order. The value of business or volume of business is highly greater than contrasting business terms such as business 
to the consumer, which is small in the amount of business. Business to Business was also known in the context of 
communication. Because nowadays, many businesses use social media for advertising their products and targeting 
their consumers for generating business; however, in this case, their consumers are also other business parties, so 
this category is known as business to business. The short term B2B was originally invented to describe the electronic 
communications between businesses or traders to differentiate it from the communications between businesses to 
consumers [17,38-43]. 

b) Business to Consumer (B2C)- The term business to consumer is sometimes also known as business to the customer; 
it distinguishes by the relationship between the customer, either it could be business or consumer. This type of 
business has developed too fast because of the fame of the web, and various online stores exist earlier and making 
business in Million Dollar per day. An example of a business-to-consumer transaction could be a customer buying an 
electronic mobile device from a retailer when the product is made available for a customer. This type of transaction is 
known as business to the consumer, while the massive amount of product/item was made available to retailers known 
as business to business [39-43]. 

c) Consumer to Business (C2B)— Consumers to business is terminology in which individual consumers offer their product 
and services to the companies and buy their product. This type of business model differs from business to consumer, 
or it is reverse in operation. An example for this category would be like this an individual author offers his book on 
Amazon.com. However, the percentage from that sold book can be transferred to the author in return for services or 
goods [39]. 
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d) Consumer to Consumer (C2C) - Consumer to Consumer is a business model in which consumers themselves sell 
their services or goods over the internet. Buyer trust over the provider of that service in other terms electronic 
commerce website or online portal where the product was being offered or auctioned. An example of this business 
model could be a consumer post his services or goods, and one of the needy consumers bid that post, the third party 
will apply some flat commission charges for providing a platform [39-45]. These are 1) Government to Business (G2B), 
2) Government to Consumer (G2C), and 3) Peer to Peer (P2P). 


There is no need for face-to-face conversation/operation and all transactions made through electronic commerce [38]. 
Most of the literature only describes the basic four models; hence, we define four models and left three models as 
undefined. Table 9 depicts the general types of electronic commerce in a graphical representation [39,42]. 


Table 9. Types of e-commerce 


Type Name Short Description 

B2B Business to Business Online business, selling to other businesses. 

B2C Business to Consumers Online business, selling to individuals. 

C2C Consumers to Consumers Consumers are selling to other consumers. 

P2P Peer to Peer Peer-to-peer technology is a communications model in which each party 
has the same capabilities, and either party can initiate a communication 
session. 

M-Commerce Mobile Commerce Use of wireless digital tech devices to perform transactions over the 


internet for business growth. 


Size of Business 

The models in terms of business size are micropayments such as the amount between ($1 to $10) mainly conducted from 
consumer and business to consumer e-commerce. Payment amount between ($10 to $500) considered as business to 
consumer model. Payment amount more than $500 is mainly conducted in business to business model P2P and C2C. Both 
models fall into the same category, and both are relatively small in terms of an amount compared to business to business and 
business to consumer. Furthermore, authors Cavarretta and de Silva [50] also add three more categories to categorize the e- 
commerce model in terms of business. These are i) Tiny value transactions: below $1 ii) Medium value transactions: between $ 1 
and $ 1,000, and iii) Large value transactions: above $ 1,000 [14,50]. 


6. Conclusion 

This study presented an overview of electronic payments by conducting a systematic review study on articles published 
during the year-2000 to year-2016. A multi-step model was used to include and exclude the studies depicted in Figure-1; these 
studies were searched from the highly reputed database using keywords related to our study; all the things were presented in the 
above tables. In order to answer each question, we identified many studies from which we extracted and summarized the data 
related to our study. 
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